diff -r 5d59fd79e7f4 -r 7202e55a0713 check_ldap_repl.pl --- a/check_ldap_repl.pl Tue Apr 19 13:34:06 2016 +0200 +++ b/check_ldap_repl.pl Tue Apr 19 15:50:36 2016 +0200 @@ -18,6 +18,9 @@ # # Matthias Förste +=encoding utf8 +=cut + use strict; use warnings; @@ -44,28 +47,24 @@ my $VERSION = "0.3.3"; my $defaults = { - 'init|i!' => 0, - 'delete|d!' => 0, - 'refresh|r!' => 1, - 'dn=s' => undef, + 'attribute|a=s' => 'description', + 'dn|d=s' => undef, 'binddn|D=s' => undef, 'password=s' => undef, - 'wait|w=i' => 1, 'config=s' => '/etc/nagios/ius/plugins/config/check_ldap_repl.cfg', 'provider|p=s' => 'ldap://provider:389', 'consumer|c=s@' => 'ldap://consumer:389', + 'wait|w=i' => 1, 'help|h!' => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) }, 'man|m!' => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) }, 'version|V!' => sub { version($ME, $VERSION); exit $ERRORS{OK}; } }; -my $attr = 'description'; - sub critical { print STDERR "$NAME CRITICAL: ", @_; exit $ERRORS{CRITICAL}; } - $SIG{__DIE__} = sub { print STDERR "$NAME UNKNOWN: ", @_; exit $ERRORS{UNKNOWN}; }; +$SIG{__DIE__} = sub { print STDERR "$NAME UNKNOWN: ", @_; exit $ERRORS{UNKNOWN}; }; sub stamp { - my ($u, $dn) = @_; + my ($u, $dn, $attr) = @_; my $l = ref $u eq 'Net::LDAP' ? $u : Net::LDAP->new($u, onerror => 'die') or die "$@"; my $r = $l->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); 
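Review bot: `stamp` now takes `$attr`, yet the `search` in the context line below the changed signature still asks for every attribute of the entry; passing `attrs => [$attr]` would limit what each server returns to the one value being compared: `my $r = $l->search(base => $dn, scope => 'base', filter => '(objectClass=*)', attrs => [$attr]);`. This matters because a consumer given as a URI is opened with `Net::LDAP->new($u, onerror => 'die')` and no bind is visible before the search, so the read looks anonymous and the entry has to be readable that way. The rest of `stamp` is outside the hunk, so check how `$r` is used before narrowing the request. In the option table, `-d` moves from the `delete` flag to `dn|d=s`, so an existing command definition that passes a bare `-d` would now take the following argument as the DN.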
@@ -111,14 +110,12 @@ my $p = Net::LDAP->new($o{provider}, onerror => 'die' ) or die $@; $p->bind($o{binddn}, password => $o{password}); - $p->modify($o{dn}, replace => { $attr => $t }); + $p->modify($o{dn}, replace => { $o{attribute} => $t }); - my $tp = stamp($p, $o{dn}); - if ($o{refresh}) { - die "Provider update failed for unknown reason\n" unless $tp == $t; - sleep $o{wait}; - } - for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}); } + my $tp = stamp($p, $o{dn}, $o{attribute}); + die "Provider update failed for unknown reason\n" unless $tp == $t; + sleep $o{wait}; + for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}, $o{attribute}); } print "$NAME OK: servers are in sync\n"; exit $ERRORS{OK}; @@ -127,18 +124,22 @@ __END__ +=pod + =head1 NAME -check_ldap_repl - nagios/icinga plugin to check correctly working of ldap replication. +check_ldap_repl - nagios/icinga plugin to check ldap replication. This works by +updating an entry on the provider and checking whether the update is replicated +by querying the consumers for the updated entry after a short waiting period. =head1 SYNOPSIS -check_ldap_repl [-c|--cn string] - [-b|--binddn string] - [-p|--password string] - [-f|--file string] - [-M|--master string] - [-S|--slave string] +check_ldap_repl [-d|--dn string] + [-D|--binddn string] + [--password string] + [--config string] + [-p|--provider string] + [-c|--consumer string] [-w|--wait integer] [-h|--help] [-m|--man] 
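Review bot: `$p->modify($o{dn}, replace => { $o{attribute} => $t })` now overwrites whichever attribute the operator names, on every run and with the bind DN's write rights, and nothing visible in this hunk checks either value first. `dn` defaults to `undef` in the option table, so unless the lines above the hunk already validate it, a guard such as `die "--dn is required\n" unless defined $o{dn} && length $o{dn};` before the bind would turn a misconfiguration into a clear UNKNOWN. Because a mistyped attribute name replaces real data, the check is safest pointed at a dedicated entry, with the bind DN's ACL limited to writing that one attribute. The comparison `$tp == $t` is numeric, so it assumes `stamp` returns a number for any configured attribute; where `$t` is set and what `stamp` returns are outside the hunk.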
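Review bot: The new SYNOPSIS leaves out the option this commit introduces; add `[-a|--attribute string]` above the `-d|--dn` line. The OPTIONS hunk that follows has the same kind of mismatch with the option table: it keeps `=item B<-b>|B<--binddn>` and adds `=item B<-S>|B<--consumer>`, while the code defines `binddn|D=s` and `consumer|c=s@`, so those should read `B<-D>` and `B<-c>`. The documented consumer default `ldap://ldap-consumer:389/` also differs from the `ldap://consumer:389` default in the code.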
@@ -148,47 +149,49 @@ =over -=item B<-c>|B<--cn> I +=item B<-a>|B<--attribute> I + +Attribute of the entry that will be updated and checked for replication. (default: description) -cn for the initialized object. See also the B<--init> option. (default: replcheck) +=item B<-d>|B<--dn> I + +DN of the entry whose attribute will be updated and checked for replication. =item B<-b>|B<--binddn> I -DN to bind to ldap master server. - -=item B<-p>|B<--password> I +DN to use when binding to provider for update. -Password for binddn to ldap master server. B +=item B<--password> I -=item B<-M>|B<--master> I +Password to use when binding to provider for update. B -LDAP master server (provider) (default: ldap://ldap-master:389/) +=item B<-p>|B<--provider> I -=item B<-S>|B<--slave> I +provider uri (default: ldap://provider:389/) -LDAP slave server (consumer), multiple slaves can be specified as a comma-separate list (default: ldap://ldap-slave:389/) +=item B<-S>|B<--consumer> I -=item B<-f>|B<--file> I +consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/) -Config file with B and B. Verify the file B/B and B, B<(0400)> is a good choice! -You can also set B and B options. (default: /etc/nagios/ius/plugins/config/check_ldap_repl.cfg) +=item B<--config> I - [bind] - dn = cn=admin,dc=local,dc=site - password = secret +Path to configuration file. Use this to store the binddn and its password. +Verify the ownership and B, B<(0400)> is a good choice! (default: +/etc/nagios/ius/plugins/config/check_ldap_repl.cfg) + - [master] - server = ldap://ldap-master:389/ +Example: - [slave] - server = ldap://ldap-slave01:389/,ldap://ldap-slave02:389/,... - - [object] - cn = replcheck + binddn = cn=admin,dc=local,dc=site + password = secret + provider = ldap://provider:389/ + consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,... 
+ dn = cn=replcheck + wait = 2 =item B<-w>|B<--wait> I -Wait I seconds before check the slave servers. (default: 1) +Wait I seconds before checking the consumer servers. (default: 1) =item B<-h>|B<--help> @@ -210,7 +213,7 @@ =head1 VERSION -This man page is current for version 0.3.2 of B. +This man page is current for version 0.3.3 of B. =head1 AUTHOR
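Review bot: The `--password` entry should say why `--config` is the better choice: a password given on the command line can be read by other local users from the process list and typically ends up in the monitoring command definition. A sentence such as `Prefer B<--config>; a password passed on the command line is visible in the process list.` would do. The configuration example uses `ldap://` URIs throughout, so the bind password and the modify would cross the network unencrypted unless TLS is negotiated elsewhere in the script; showing `ldaps://provider:636/` in the example would steer readers to the safer setup. The example value `dn = cn=replcheck` is also not a complete DN next to `binddn = cn=admin,dc=local,dc=site`.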